Hackers Push Malicious Software Via AI Chatbot Recommendations

By Emy Elsamnoudy
May 27, 2026

Hackers are exploiting the trust users place in artificial intelligence tools, steering them to malicious software by manipulating the download links that AI chatbots recommend.

A newly uncovered cryptojacking campaign abuses AI chatbot responses to send users to attacker-controlled download sites. The lure is quiet and convincing: the victim asks a reasonable question, receives a plausible-looking link, and ends up installing a cryptocurrency miner and a remote-access tool without ever seeing anything that looks wrong.

The campaign targets people who search for popular system utilities and hardware-monitoring tools, software commonly used by tech-savvy users and PC enthusiasts.

When someone searches for well-known programs like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, or K-Lite Codec Pack, they can land on fake sites that look completely legitimate.

The choice of lures is deliberate. People who install GPU stress tests and hardware monitors tend to own high-performance GPUs, and those are the machines that offer the most value for cryptocurrency mining, so the attackers target them rather than casting a wide net.

Analysts at Microsoft identified this campaign after detecting and blocking activity linked to it.

Microsoft Defender Experts and the Microsoft Defender Security Research Team said in a report shared with Cyber Security News (CSN) that this delivery method “extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations.”

The researchers noted that earlier stages of the campaign relied on traditional search engine manipulation, but by April 2026, a new and more dangerous tactic had emerged.

Attack chain (Source: Microsoft)

What makes this campaign different is how it evolved. Instead of only poisoning search engine results, the threat actors began influencing responses generated by large language model (LLM)-based AI tools.

When users asked AI chatbots for software download recommendations, the chatbots returned links pointing to attacker-controlled domains. Microsoft described this as AI search result poisoning, a direct extension of the old-school SEO manipulation playbook now applied to a widely trusted technology.

Search engine results showing a malicious source of HWMonitor (Source: Microsoft)

The goals of the campaign go beyond cryptocurrency mining. The attackers also set up persistent remote access on compromised machines using ConnectWise ScreenConnect, a legitimate remote-support product, leaving the door open for follow-on activity such as data theft, lateral movement across networks, or ransomware deployment.

More than 150 malicious domains have been identified as part of this infrastructure, most of them hosted through a dynamic DNS provider commonly associated with threat actor activity.

Hackers Abuse AI Chatbot Recommendations

Once a victim clicks a download button on one of the fake sites, they receive a ZIP archive that looks like a legitimate software package. It is a DLL sideloading package: the archive bundles the genuine utility executable together with a rogue DLL named "autorun.dll", which the executable loads from its own directory the moment the victim runs it. Because the executable itself is the genuine program, inspecting it alone reveals nothing; the malicious logic lives entirely in the DLL beside it.

The sideloaded DLL then installs a second malicious file, "vcredist_x64.dll", which quietly deploys ScreenConnect and gives the attackers full control over the victim's machine.

After ScreenConnect connects back to an attacker-controlled server, it delivers a file called "SimpleRunPE.exe". This binary creates Registry Run keys and scheduled tasks for persistence, adds Microsoft Defender exclusions to avoid detection, and uses process hollowing to run the mining code: it starts a trusted Microsoft-signed binary in a suspended state and replaces its memory with the miner, so process listings show only the signed program's name.

The malware supports three mining programs: gminer, lolMiner, and SRBMiner-MULTI. To stay hidden, it also watches for Task Manager, Process Hacker, and Process Explorer and pauses mining the moment any of them is opened, so a user who notices fan noise or lag and opens Task Manager sees nothing unusual.
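A host triage script for the artifacts described above, added here as an example; it is not code from Microsoft's report. It assumes an elevated Windows PowerShell 5.1 or later session with the Defender Antivirus cmdlets available. The names SimpleRunPE, ScreenConnect and the three analysis tools come from the article; the user-writable path heuristic, the service matching and the counter-based CPU sampling are my own assumptions.

```powershell
# Added host triage script; not from Microsoft's report. Assumes an elevated Windows
# PowerShell 5.1+ session with Defender Antivirus cmdlets available. The names
# SimpleRunPE and ScreenConnect come from the article; the path heuristic, service
# matching and CPU sampling are my own assumptions.
$findings = [System.Collections.Generic.List[string]]::new()
$userWritable = 'SimpleRunPE|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

# 1. Defender exclusions. The dropper adds exclusions so its files are never scanned;
#    on an untuned workstation any exclusion at all needs an explanation.
$pref = Get-MpPreference
foreach ($ex in @($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension)) {
    if ($ex) { $findings.Add("Defender exclusion: $ex") }
}

# 2. Run keys. SimpleRunPE.exe writes Run values; flag any value that points into a
#    user-writable location (expect a few benign hits such as OneDrive or browser updaters).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # provider metadata, not a Run value
        if ([string]$prop.Value -match $userWritable) {
            $findings.Add("Run value ${key}\$($prop.Name) = $($prop.Value)")
        }
    }
}

# 3. Scheduled tasks whose action executes from a user-writable path.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $userWritable) {
            $findings.Add("Scheduled task $($task.TaskPath)$($task.TaskName) runs $cmd")
        }
    }
}

# 4. ScreenConnect client service. Legitimate only if your help desk actually deploys it.
foreach ($svc in Get-Service | Where-Object { $_.Name -match 'ScreenConnect' -or $_.DisplayName -match 'ScreenConnect' }) {
    $findings.Add("ScreenConnect service: $($svc.Name) [$($svc.Status)]")
}

# 5. CPU sampling. The miner pauses when Task Manager, Process Hacker or Process Explorer
#    is open and runs hollowed inside a Microsoft-signed process, so sample performance
#    counters from here instead of opening Task Manager, and treat a signed binary that is
#    burning a full core as something to explain, not as proof of innocence.
$samples = (Get-Counter '\Process(*)\% Processor Time' -ErrorAction SilentlyContinue).CounterSamples |
    Where-Object { $_.InstanceName -notin '_total', 'idle' } |
    Sort-Object CookedValue -Descending | Select-Object -First 5
foreach ($s in $samples) {
    $findings.Add(('CPU {0,6:N1}%  {1}' -f $s.CookedValue, $s.InstanceName))
}

if ($findings.Count -eq 0) { 'No matching artifacts on this host.' } else { $findings }
```

The exclusion check is the most reliable of the five on a workstation that has never been tuned, because the dropper has to add exclusions to survive and ordinary users never do. The CPU sample is deliberately taken with counters rather than a GUI tool because of the anti-analysis behaviour the article describes; per-process "% Processor Time" can exceed 100 on a multi-core machine, so read it as relative load.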

Defending Against AI-Assisted Malware Delivery

Microsoft recommends that organizations enable cloud-delivered protection and run endpoint detection and response (EDR) in block mode. Cloud-delivered protection lets Defender obtain a verdict on a never-before-seen file, such as the sideloaded DLL, before a signature for it exists; EDR in block mode lets Microsoft Defender for Endpoint remediate on behavioural detections even when Defender Antivirus is not the primary antivirus on the host.

Files dropped after extraction of the downloaded ZIP file (Source: Microsoft)

Attack surface reduction (ASR) rules add another layer of defense against the DLL sideloading and process injection techniques used in this campaign. These settings should be treated as baseline security hygiene, not optional extras.
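The baseline described in the two paragraphs above, expressed as Defender Antivirus configuration, added here as an example; it is not taken from Microsoft's report. It assumes an elevated PowerShell session on a Windows host where Defender Antivirus is the active antivirus. The GUIDs are Microsoft's published ASR rule identifiers, but the selection of rules for this campaign is my own judgement, and EDR in block mode is a portal setting rather than a local one, so it is not configured here.

```powershell
# Added hardening example; not from Microsoft's report. Assumes an elevated session on a
# Windows host where Defender Antivirus is active. The GUIDs are Microsoft's published ASR
# rule IDs; choosing these particular rules for this campaign is my own judgement.

# Cloud-delivered protection. MAPS membership plus sample submission is what lets the cloud
# return a verdict on a never-seen file (the sideloaded DLL, the loader) before a signature
# exists. CloudBlockLevel High and a 50 s extended timeout trade a little startup latency on
# unknown binaries for a much better chance that the cloud blocks them.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
Set-MpPreference -DisableBlockAtFirstSeen $false
Set-MpPreference -CloudBlockLevel High
Set-MpPreference -CloudExtendedTimeout 50

# Attack surface reduction rules. None of the published rules is specific to DLL sideloading
# by an arbitrary signed utility; the closest fit is the prevalence/age rule, which itself
# depends on cloud-delivered protection being on. The rest cover the follow-on activity the
# article warns about (credential theft, lateral movement, ransomware).
$asrRules = [ordered]@{
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless they meet prevalence, age or trusted-list criteria'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PsExec and WMI (check your management tooling first)'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
}

# Start in audit mode: rule hits are logged as Event ID 1122 in the
# Microsoft-Windows-Windows Defender/Operational log without blocking anything.
# Switch $mode to 'Enabled' per rule once the audit events look clean.
$mode = 'AuditMode'
foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $mode
    '{0}  {1,-10}  {2}' -f $id, $mode, $asrRules[$id]
}

# Verify what the engine actually holds (the two arrays are index-aligned;
# actions are reported numerically: 0 Disabled, 1 Enabled, 2 AuditMode, 6 Warn).
$p = Get-MpPreference
for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0}  action={1}' -f $p.AttackSurfaceReductionRules_Ids[$i], $p.AttackSurfaceReductionRules_Actions[$i]
}
```

ASR rules only take effect when Defender Antivirus is the active antivirus with real-time protection on; in passive mode the cmdlets succeed but nothing is enforced. Keep the PsExec/WMI rule in audit mode longest, since it collides with some endpoint-management tooling. EDR in block mode is switched on in the Microsoft Defender portal under the advanced features for endpoints, not through Set-MpPreference.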

For everyday users, the lesson is to download software only from the official vendor website, regardless of where a link comes from, including an AI chatbot recommendation. Checking the signature on the main executable is not enough here: the campaign ships the genuine utility and hides the payload in a DLL beside it, so the archive's origin matters more than the look of its contents.

AI tools can surface helpful answers, but the download links they return are drawn from the same web that attackers are seeding, so a link in a chatbot reply deserves exactly the same scrutiny as one in a search result. Staying skeptical of any download link, even one that appears in a trusted AI conversation, is now part of staying safe online.

Indicators of Compromise (IoCs)

Domains (attacker-controlled, serving the malicious ZIP archives):
  direct-download.gleeze[.]com
  start-download.gleeze[.]com
  direct-downloads.giize[.]com
  free-download.giize[.]com

IP address (attacker-controlled ScreenConnect C2 server):
  193.42.11[.]108

SHA256 hashes (campaign payloads):
  16562974deec80e41ef57a71a6de8c03ceb393005fb1432f8d9d82c61294ef8c
  1b2555b09ac62164638f47c8272beb6b0f97186e37d3a54cb84c723ff7a2eee5

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
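An indicator sweep for a single host, added here as an example and not part of Microsoft's report. It uses only the indicators listed above, re-fanged so the script can compare them, plus the sideloading file pattern (autorun.dll or vcredist_x64.dll next to an executable) from the attack-chain section. The scan roots, recursion depth and the resolver-cache and live-connection checks are my own choices; it assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added IoC sweep; not from Microsoft's report. Uses only the indicators in the table above
# (re-fanged here so the script can compare them) plus the sideloading file pattern from the
# attack-chain section. Scan roots, depth and the DNS/connection checks are my choices.
# Run from an elevated session.
$iocDomains = 'direct-download.gleeze.com', 'start-download.gleeze.com',
              'direct-downloads.giize.com', 'free-download.giize.com'
$iocIPs     = @('193.42.11.108')
$iocHashes  = '16562974deec80e41ef57a71a6de8c03ceb393005fb1432f8d9d82c61294ef8c',
              '1b2555b09ac62164638f47c8272beb6b0f97186e37d3a54cb84c723ff7a2eee5'
$hits = [System.Collections.Generic.List[string]]::new()

# 1. File hashes. Sweep the places a downloaded ZIP is likely to be extracted or staged.
$roots = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP, $env:LOCALAPPDATA, $env:ProgramData
$files = Get-ChildItem -Path $roots -Recurse -Depth 4 -File -Include *.exe, *.dll, *.zip -ErrorAction SilentlyContinue
foreach ($f in $files) {
    $h = (Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    if ($h -and ($iocHashes -contains $h.ToLower())) { $hits.Add("HASH      $h  $($f.FullName)") }
}

# 2. The sideload pattern itself, which survives repacking that changes the hashes: one of the
#    two DLL names from the report sitting next to an .exe in a user-writable folder.
foreach ($dll in $files | Where-Object { $_.Name -in 'autorun.dll', 'vcredist_x64.dll' }) {
    $exe = Get-ChildItem -Path $dll.DirectoryName -Filter *.exe -File -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($exe) { $hits.Add("SIDELOAD  $($dll.FullName)  beside  $($exe.Name)") }
}

# 3. Network. The resolver cache only holds names resolved recently and live connections only
#    show a session that is up right now, so an empty result here is not a clean bill of
#    health; proxy and DNS server logs are the durable source.
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -in $iocDomains -or $_.Data -in $iocIPs } |
    ForEach-Object { $hits.Add("DNS       $($_.Entry) -> $($_.Data)") }
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -in $iocIPs } |
    ForEach-Object { $hits.Add("NET       $($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort)  PID $($_.OwningProcess)") }

if ($hits.Count -eq 0) { 'No indicator matches on this host.' } else { $hits | Sort-Object -Unique }
```

The two published hashes cover only the two samples Microsoft listed, so the sideload-pattern check is the part worth keeping as the campaign repacks its archives. The dynamic DNS parent domains (gleeze.com, giize.com) are shared by many unrelated hosts, which is why the script matches the full hostnames rather than the parent zones; blocking the parent zones is a policy decision for your proxy, not something this sweep should decide.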

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.
